Data Loss Prevention System Employing Encryption Detection

1. A non-transitory computer-readable medium, storing program instructions executable by a computing device to: detect an attempt to transmit data; in response to detecting the attempt to transmit the data: determine a compression ratio of the data; determine that the data is encrypted based on determining that the compression ratio of the data is within a particular range of compression ratios; and disallow the attempt to transmit the data in response to said determining that the data is encrypted.

2. The non-transitory computer-readable medium of claim 1 , wherein the particular range is adjustable by an administrator.

3. The non-transitory computer-readable medium of claim 1 , wherein the program instructions are further executable by the computing device to implement sequestering the data in response to determining that the data is encrypted.

4. The non-transitory computer-readable medium of claim 1 , wherein the program instructions are further executable by the computing device to allow or disallow the attempt to transmit the data depending upon whether the data comprises a known, unencrypted file type.

5. The non-transitory computer-readable medium of claim 1 , wherein the program instructions are further executable by the computing device to allow or disallow the attempt to transmit the data depending upon a result of an attempt to decompress the data.

6. The non-transitory computer-readable medium of claim 1 , wherein the program instructions are further executable by the computing device to: determine whether the determination of the data being encrypted was a false positive determination; wherein the program instructions are executable by the computing device to perform said disallowing the attempt to transmit the data in response to determining that the determination of the data being encrypted was not a false positive determination.

7. The non-transitory computer-readable medium of claim 6 , wherein in performing said determining whether the determination of the data being encrypted was a false positive determination, the program instructions are executable by the computing device to determine whether the data is data of a known unencrypted type; wherein the program instructions are executable by the computing device to determine that the determination of the data being encrypted was not a false positive determination in response to determining that the data is not data of a known unencrypted type.

8. The non-transitory computer-readable medium of claim 6 , wherein in performing said determining whether the determination of the data being encrypted was a false positive determination, the program instructions are executable by the computing device to determine whether the data is compressed; wherein the program instructions are executable by the computing device to determine that the determination of the data being encrypted was not a false positive determination in response to determining that the data is not compressed.

9. The non-transitory computer-readable medium of claim 6 , wherein the attempt to transmit the data is a first attempt to transmit first data, wherein the program instructions are further executable by the computing device to: detect a second attempt to transmit second data; in response to detecting the second attempt to transmit the second data: determine a compression ratio of the second data; determine that the second data is encrypted based on determining that the compression ratio of the second data is within the particular range of compression ratios; determine that the determination of the second data being encrypted was a false positive determination; and allow the attempt to transmit the second data in response to said determining that the determination of the second data being encrypted was a false positive determination.

10. A system comprising: one or more processors; and a memory coupled to the one or more processors and storing program instructions executable by the one or more processors to: detect an attempt to transmit data; in response to detecting the attempt to transmit the data: determine a compression ratio of the data; determine that the data is encrypted based on determining that the compression ratio of the data is within a particular range of compression ratios; and disallow the attempt to transmit the data in response to said determining that the data is encrypted.

11. The system of claim 10 , wherein the particular range is adjustable by an administrator.

12. The system of claim 10 , wherein the program instructions are further executable by the one or more processors to implement sequestering the data in response to determining that the data is encrypted.

13. The system of claim 10 , wherein the program instructions are further executable by the one or more processors to allow or disallow the attempt to transmit the data depending upon whether the data comprises a known, unencrypted file type.

14. The system of claim 10 , wherein the program instructions are further executable by the one or more processors to allow or disallow the attempt to transmit the data depending upon a result of an attempt to decompress the data.

15. The system of claim 10 , wherein the program instructions are further executable by the one or more processors to: determine whether the determination of the data being encrypted was a false positive determination; wherein the program instructions are executable by the one or more processors to perform said disallowing the attempt to transmit the data in response to determining that the determination of the data being encrypted was not a false positive determination.

16. The system of claim 15 , wherein the attempt to transmit the data is a first attempt to transmit first data, wherein the program instructions are further executable by the one or more processors to: detect a second attempt to transmit second data; in response to detecting the second attempt to transmit the second data: determine a compression ratio of the second data; determine that the second data is encrypted based on determining that the compression ratio of the second data is within the particular range of compression ratios; determine that the determination of the second data being encrypted was a false positive determination; and allow the attempt to transmit the second data in response to said determining that the determination of the second data being encrypted was a false positive determination.

17. A method comprising: a computer system detecting an attempt to transmit data; in response to detecting the attempt to transmit the data: the computer system determining a compression ratio of the data; the computer system determining that the data is encrypted based on determining that the compression ratio of the data is within a particular range of compression ratios; and the computer system disallowing the attempt to transmit the data in response to said determining that the data is encrypted.

18. The method of claim 17 , further comprising: determining whether the determination of the data being encrypted was a false positive determination; wherein the attempt to transmit the data is disallowed in response to determining that the determination of the data being encrypted was not a false positive determination.

19. The method of claim 18 , wherein the attempt to transmit the data is a first attempt to transmit first data, wherein the method further comprises: detecting a second attempt to transmit second data; in response to detecting the second attempt to transmit the second data: determining a compression ratio of the second data; determining that the second data is encrypted based on determining that the compression ratio of the second data is within the particular range of compression ratios; determining that the determination of the second data being encrypted was a false positive determination; and allowing the attempt to transmit the second data in response to said determining that the determination of the second data being encrypted was a false positive determination.